Monday, July 26, 2010

Technology Crosswords

Hi all,
summer is the time to relax and take a break from our usual working and studying life, so what's better than doing crosswords at the poolside, or at the bus stop?

Check out the challenging Europa Networking Technology Crosswords and Puzzles!






You can use it online or print it!

Have fun!
Marco

Friday, July 23, 2010

button pressed

Yesterday I pressed that button:


Let the countdown begin...




:-)
Marco

Sunday, July 11, 2010

QoS: Policing mini-lab

Hi all, here, as promised, is the next mini-lab on QoS topics: today it's the Policing lab :-)

Using the same topology as the last post, here is the .net file:

autostart = False
[localhost:7200]
workingdir = /tmp
udp = 10000
[[3640]]
image = /opt/IOS/c3640-jk9o3s-mz.124-16.bin
chassis = 3640
ghostios = True
sparsemem = True
[[ROUTER R1]]
model = 3640
console = 4002
slot0 = NM-4T
s0/0 = R2 s0/0
[[ROUTER R2]]
model = 3640
console = 4003
slot0 = NM-4T
s0/0 = R1 s0/0
s0/1 = R3 s0/0
[[ROUTER R3]]
model = 3640
console = 4004
slot0 = NM-4T
s0/0 = R2 s0/1


and the initial configs:

!------ R1 initial config -----------------
hostname R1
!
no ip domain-lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 12.12.12.1 255.255.255.0
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
serial restart-delay 0
no fair-queue
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R1 initial config -----------------

!------ R2 initial config -----------------
hostname R2
!
no ip domain-lookup
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 12.12.12.2 255.255.255.0
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
serial restart-delay 0
no fair-queue
!
interface Serial0/1
bandwidth 128
ip address 23.23.23.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
no keepalive
serial restart-delay 0
no fair-queue
frame-relay map ip 23.23.23.3 666 broadcast
no frame-relay inverse-arp
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R2 initial config -----------------

!------ R3 initial config -----------------
hostname R3
!
no ip domain-lookup
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 23.23.23.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
no keepalive
serial restart-delay 0
no fair-queue
frame-relay map ip 23.23.23.2 666 broadcast
no frame-relay inverse-arp
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R3 initial config -----------------


Let's start trying the different policing options:

1) Police single rate with two colors

With policing, one important thing is that Bc and Be are expressed in BYTES, so expect different values than with shaping.
The logic is also a little different: there is no Tc interval to refill the token bucket; instead, the arrival time in seconds of each packet is considered. Every time a packet arrives, the token bucket is refilled with a variable amount of tokens, using this formula:

refill = ((arrival time of this packet in sec - arrival time of the last packet in sec) * police rate) / 8

So the more closely packets arrive, the smaller the refill.
Obviously, if there aren't enough tokens, the packet is exceeding the CIR, so the exceed action will be executed.
With single rate policing, the Bc value is used only as the initial fill value; after that, the refill formula above is applied.

Let's try on R2:

R2(config-pmap-c)#do sh run | sec policy-map
policy-map POLICE-SINGLE-RATE-TWO-COLORS
class class-default
police 64000 conform-action transmit exceed-action drop

R2(config-pmap-c-police)#do sh policy-map
Policy Map POLICE-SINGLE-RATE-TWO-COLORS
Class class-default
police cir 64000 bc 2000
conform-action transmit
exceed-action drop


Here I haven't specified any initial Bc value, so the default of 2000 Bytes is taken, as the show policy-map output shows.

Let's apply on Ser 0/0 of R2 and generate some traffic:

R2(config-pmap-c)#int s 0/0
R2(config-if)#service-policy output POLICE-SINGLE-RATE-TWO-COLORS

R2(config-if)#do ping 1.1.1.1 repeat 1000 timeout 0 size 500

Type escape sequence to abort.
Sending 1000, 500-byte ICMP Echos to 1.1.1.1, timeout is 0 seconds:
......dots dots.......

R2(config-pmap-c)#do sh policy-map int s 0/0
Serial0/0

Service-policy output: POLICE-SINGLE-RATE-TWO-COLORS

Class-map: class-default (match-any)
1006 packets, 504551 bytes
30 second offered rate 117000 bps, drop rate 117000 bps
Match: any
police:
cir 64000 bps, bc 2000 bytes
conformed 4 packets, 2016 bytes; actions:
transmit
exceeded 996 packets, 501984 bytes; actions:
drop
conformed 1000 bps, exceed 117000 bps


As you can see, the conformed rate is very low, since all our packets are sent in too short a time; we can basically assume that the 4 conformed packets are using the initial 2000 Bytes of Bc (500 Bytes x 4 packets...).
Here we can see a big difference between policing and shaping: with shaping the link utilization will be higher.

2) Police single rate with three colors

It works in the same way as single rate with two colors, but uses two token buckets. When the conform bucket is full, the spillage refills the exceed bucket. The refill of the conform bucket always uses the packet arrival time as reference.


R2(config-pmap-c-police)#do sh policy-map
Policy Map POLICE-SINGLE-RATE-THREE-COLORS
Class class-default
police cir 64000 bc 2000 be 2000
conform-action transmit
exceed-action set-dscp-transmit default
violate-action drop

R2(config-pmap-c-police)#do sh run | sec policy-map
policy-map POLICE-SINGLE-RATE-THREE-COLORS
class class-default
police 64000 conform-action transmit exceed-action set-dscp-transmit 0 violate-action drop


The main objective with three colors is to perform a different action than drop for the exceeding or violating traffic.


3) Police dual rate with three colors

With dual rate, policing is a little bit different. There are two buckets, one conforming and one exceeding, and they are filled independently, both using the arrival-time-based formula.
When a packet conforms, that means there are enough tokens in the conforming bucket, but also in the exceeding one. So tokens for conforming packets are taken twice, once from each bucket.
If a packet exceeds, that means there aren't enough tokens in the conforming bucket but there are in the exceeding bucket; otherwise the packet violates.

Here is an example:


R2(config-pmap-c-police)#do sh run | sec policy-map
policy-map POLICE-TWO-RATES-THREE-COLORS
class class-default
police cir 64000 pir 96000
conform-action transmit
exceed-action set-dscp-transmit default
violate-action drop

R2(config-pmap-c-police)#do sh policy-map
Policy Map POLICE-TWO-RATES-THREE-COLORS
Class class-default
police cir 64000 bc 2000 pir 96000 be 3000
conform-action transmit
exceed-action set-dscp-transmit default
violate-action drop

R2(config-if)#do sh policy-map int s 0/0
Serial0/0

Service-policy output: POLICE-TWO-RATES-THREE-COLORS

Class-map: class-default (match-any)
9011 packets, 576851 bytes
30 second offered rate 73000 bps, drop rate 68000 bps
Match: any
police:
cir 64000 bps, bc 2000 bytes
pir 96000 bps, be 3000 bytes
conformed 384 packets, 24576 bytes; actions:
transmit
exceeded 198 packets, 12672 bytes; actions:
set-dscp-transmit default
violated 8418 packets, 538752 bytes; actions:
drop
conformed 4000 bps, exceed 3000 bps, violate 68000 bps


Dual rate policing is used when you want the flexibility of the three colors, but the exceeding traffic has to be set with a custom value, usually less than the CIR rate.
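The three policers described in sections 1 to 3, modeled in Python as an added example (not code from the original post or from Cisco). It assumes the buckets start full and are capped at Bc/Be; the class and function names are hypothetical and the packet spacings in the demo are constructed values.

```python
from collections import Counter


class Policer:
    """Token-bucket policer. Rates are in bit/s, Bc and Be in BYTES.

    mode: "1r2c" (single rate, two colors), "1r3c" (single rate, three
    colors) or "2r3c" (dual rate, three colors).
    Assumption: buckets start full and never hold more than Bc / Be.
    """

    def __init__(self, mode, cir, bc, pir=0, be=0):
        self.mode, self.cir, self.pir = mode, cir, pir
        self.bc, self.be = bc, be
        self.conform_tokens, self.exceed_tokens = float(bc), float(be)
        self.last_arrival = None

    def _refill(self, now):
        dt = 0.0 if self.last_arrival is None else now - self.last_arrival
        self.last_arrival = now
        # refill = ((arrival - last arrival) * police rate) / 8
        filled = self.conform_tokens + dt * self.cir / 8
        self.conform_tokens = min(filled, self.bc)
        if self.mode == "1r3c":    # spillage of the conform bucket
            spill = filled - self.conform_tokens
            self.exceed_tokens = min(self.exceed_tokens + spill, self.be)
        elif self.mode == "2r3c":  # independent refill at the peak rate
            self.exceed_tokens = min(self.exceed_tokens + dt * self.pir / 8, self.be)

    def classify(self, now, size):
        """Return "conform", "exceed" or "violate" for a packet of `size` bytes."""
        self._refill(now)
        dual = self.mode == "2r3c"
        if self.conform_tokens >= size and (not dual or self.exceed_tokens >= size):
            self.conform_tokens -= size
            if dual:               # conforming packets pay from both buckets
                self.exceed_tokens -= size
            return "conform"
        if self.mode == "1r2c":
            return "exceed"
        if self.exceed_tokens >= size:
            self.exceed_tokens -= size
            return "exceed"
        return "violate"


def run_burst(policer, count, size, gap):
    """Classify `count` packets of `size` bytes arriving `gap` seconds apart."""
    return Counter(policer.classify(i * gap, size) for i in range(count))


if __name__ == "__main__":
    # Constructed burst: 1000 packets of 504 bytes (2016 bytes / 4 packets in
    # the counters of section 1), 50 microseconds apart.
    print(dict(run_burst(Policer("1r2c", 64000, 2000), 1000, 504, 50e-6)))
    # Constructed bursts: 100 packets of 64 bytes arriving at the same instant.
    print(dict(run_burst(Policer("1r3c", 64000, 2000, be=2000), 100, 64, 0)))
    print(dict(run_burst(Policer("2r3c", 64000, 2000, pir=96000, be=3000), 100, 64, 0)))
```

With the tightly spaced burst, the single rate policer lets through only what the initial Bc and a few hundred bytes of refill can pay for, which is the behaviour seen in the section 1 counters.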

As usual, the policing methods can be used with the percent value:


R2(config-pmap-c-police)#do sh run | sec policy-map
policy-map POLICE-PERCENT
class class-default
police cir percent 50 pir percent 75
conform-action transmit
exceed-action set-dscp-transmit af13
violate-action drop

R2(config-pmap-c-police)#do sh policy-map
Policy Map POLICE-PERCENT
Class class-default
police cir percent 50 pir percent 75 be 0
conform-action transmit
exceed-action set-dscp-transmit af13
violate-action drop

R2(config-if)#do sh policy-map int ser 0/0
Serial0/0

Service-policy output: POLICE-PERCENT

Class-map: class-default (match-any)
33 packets, 2717 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
police:
cir 50 %
cir 64000 bps, bc 2000 bytes
pir 75 %
pir 96000 bps, be 3000 bytes
conformed 2 packets, 272 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af13
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps


Well, enough for today. This week I have reviewed the whole QoS exam certification guide; the only thing I still have to review is the SRR/WRR differences, since the book is a little bit outdated (it uses 2950s).
Well, next week of vacation will be the turn of Routing TCP/IP vol. I; I hope to protect it from the beach sand :-)

have fun
Marco

Thursday, July 8, 2010

QoS: shaping mini-lab

Hi all,
using some spare time on vacation, I'm reading the QoS exam certification guide to refresh QoS topics.

Here is a little lab I did today to refresh the shaping features, which always confuse me:



the .net file:

autostart = False
[localhost:7200]
workingdir = /tmp
udp = 10000
[[3640]]
image = /opt/IOS/c3640-jk9o3s-mz.124-16.bin
chassis = 3640
ghostios = True
sparsemem = True
[[ROUTER R1]]
model = 3640
console = 4002
slot0 = NM-4T
s0/0 = R2 s0/0
[[ROUTER R2]]
model = 3640
console = 4003
slot0 = NM-4T
s0/0 = R1 s0/0
s0/1 = R3 s0/0
[[ROUTER R3]]
model = 3640
console = 4004
slot0 = NM-4T
s0/0 = R2 s0/1


The initial configurations are:

!------ R1 initial config -----------------
hostname R1
!
no ip domain-lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 12.12.12.1 255.255.255.0
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
serial restart-delay 0
no fair-queue
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R1 initial config -----------------

!------ R2 initial config -----------------
hostname R2
!
no ip domain-lookup
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 12.12.12.2 255.255.255.0
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
serial restart-delay 0
no fair-queue
!
interface Serial0/1
bandwidth 128
ip address 23.23.23.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
no keepalive
serial restart-delay 0
no fair-queue
frame-relay map ip 23.23.23.3 666 broadcast
no frame-relay inverse-arp
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R2 initial config -----------------

!------ R3 initial config -----------------
hostname R3
!
no ip domain-lookup
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0
bandwidth 128
ip address 23.23.23.3 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
load-interval 30
tx-ring-limit 1
tx-queue-limit 1
no keepalive
serial restart-delay 0
no fair-queue
frame-relay map ip 23.23.23.2 666 broadcast
no frame-relay inverse-arp
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
line con 0
exec-timeout 0 0
logging synchronous
!------ END R3 initial config -----------------



As you can see, the R2 to R3 link is a back-to-back frame relay link, just to try frame relay traffic shaping. All the serial interfaces have a configured bandwidth of 128k and a TX buffer of 1.
This last setting is the hardware queue of the interface; setting it to 1 (1 packet) forces the router to use the software queues, which is useful to see our QoS features in action.

Let's try the different shaping combinations:

1) Shape Average

First recall the theory: on shape average you have a single Bucket, with Bc + Be capacity, and it's filled every Tc interval with Bc tokens. With shaping Bc and Be values are in bits.

Let's configure it on R1:


policy-map SHAPE-AVERAGE
class class-default
shape average 64000 2000
interface serial 0/0
service-policy output SHAPE-AVERAGE

After we have applied the policy-map on the interface, we can see the effect of our settings:

R1(config-if)#do sh policy-map int ser 0/0
Serial0/0

Service-policy output: SHAPE-AVERAGE

Class-map: class-default (match-any)
3 packets, 192 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
64000/64000      500     2000       2000       31         250

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       2         168      0         0         no

The output, commented:
-Target/Average Rate 64000 : is the configured shape rate
-Byte Limit 500 : is the total size of the token bucket, that is Bc + Be, converted to bytes
-Sustain bits/int 2000 : is the so-called Bc; as configured, 2000 bits are added every interval
-Excess bits/int 2000 : is the Be; it wasn't configured, so by default Be = Bc
-Interval (ms) 31 : is the Tc; given the configured shape rate and the Bc, Tc is calculated using the Tc = Bc/CIR formula
-Increment (bytes) 250 : is the Bc value of 2000 bits converted to bytes (2000/8 = 250)

The rest of the output refers to traffic statistics, like packets delayed, bytes delayed and if the shaping is active or not.

Let's generate some traffic and see what happens:

R1#ping 2.2.2.2 timeout 0 repeat 2000 size 1500
... more and more dots ....

R1#sh policy-map int ser 0/0
Serial0/0

Service-policy output: SHAPE-AVERAGE

Class-map: class-default (match-any)
4237 packets, 6033454 bytes
30 second offered rate 490000 bps, drop rate 475000 bps
Match: any
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
64000/64000      500     2000       2000       31         250

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        55      205       130646   76        112884    yes


Note that the shaping is active and 76 packets have been delayed, but note also the high drop rate, which occurs when the shaping buffer is full.

R1#sh policy-map
Policy Map SHAPE-AVERAGE
Class class-default
Traffic Shaping
Average Rate Traffic Shaping
CIR 64000 (bps) Max. Buffers Limit 1000 (Packets)
Bc 2000

Here you can see the shaping buffer default value, 1000 packets. You can increase or decrease it using reasonable values; keep in mind that the more packets you shape, the more delay and jitter they will experience.

R1(config)#policy-map SHAPE-AVERAGE
R1(config-pmap)#class class-default
R1(config-pmap-c)#shape max-buffers ?
<1-4096> Maximum Buffer Limit

R1(config-pmap-c)#shape max-buffers 250
R1(config-pmap-c)#do sh policy-map
Policy Map SHAPE-AVERAGE
Class class-default
Traffic Shaping
Average Rate Traffic Shaping
CIR 64000 (bps) Max. Buffers Limit 250 (Packets)
Bc 2000


2) Shape Peak
Recall the theory here too: on shape peak you have a single bucket with Bc + Be capacity, and it's also filled every Tc interval, but with Bc + Be tokens instead of Bc only. Bc and Be values are in bits, since we are shaping.

So the most relevant difference is that we are filling the bucket with Bc + Be tokens, instead of Bc only as with shape average, so the shaped rate is always at the peak level.

If we configure a shaping peak of 64k bps and leave the default Tc of 125 ms, the bucket is filled with 8000 Bc tokens + 8000 Be tokens every Tc. The result is that we have a shaped rate of 128k bps.

Let's try it, again on R1:

policy-map SHAPE-PEAK
class class-default
shape peak 64000
!
interface Serial 0/0
service-policy output SHAPE-PEAK
!

R1(config-if)#do sh policy-map int ser 0/0
Serial0/0

Service-policy output: SHAPE-PEAK

Class-map: class-default (match-any)
2 packets, 108 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
128000/64000     2000    8000       8000       125        2000

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       1         84       0         0         no



The main change here is the Target Rate, which is automatically set to 128k bps, as expected.

3) Shape average with percent rate

We can also configure the shaped rate as a percent of the configured bandwidth. It works in the same way as shape average or as shape peak, depending on the configuration, but with some small differences.
The Bc and Be values must be expressed as msec values, which are used to calculate the Bc and Be depending on the bandwidth.

E.g., to have an average shaped rate of 32k bps on a configured bandwidth of 128k bps, with Bc = 4000 bits:

R1(config)#do sh run | sec policy-map
policy-map SHAPE-AVERAGE-PERCENT
class class-default
shape average percent 25 125 ms

R1(config)#do sh policy-map
Policy Map SHAPE-AVERAGE-PERCENT
Class class-default
Traffic Shaping
Average Rate Traffic Shaping
CIR 25 (%) Max. Buffers Limit 1000 (Packets) Bc 125 ms
R1(config)#do sh policy-map int s0/0
Serial0/0

Service-policy output: SHAPE-AVERAGE-PERCENT

Class-map: class-default (match-any)
12 packets, 875 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
25 (%)                   125 (ms)   0 (ms)
32000/32000      1000    4000       4000       125        500

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       6         731      0         0         no
R1(config)#


As you can see, I have configured only the shape average percent as 25% (128k x 25% = 32k). To obtain a Bc of 4000 bits, just recall that Tc = Bc / CIR, so Tc = 4000 / 32000 = 0.125 s, that is 125 ms, as configured.




A more complex example is using different shape rates on different classes:

R1(config)#do sh run | sec class-map|policy-map
class-map match-all VOIP
match ip rtp 16384 16383
class-map match-all MISSION-CRIT
description :-) just kidding
match protocol kazaa2
policy-map SHAPE
class VOIP
shape average 64000 1000 1500
shape max-buffers 250
class MISSION-CRIT
shape peak 16000 1000
class class-default
shape average percent 25 100 ms 50 ms

R1(config-pmap-c)#do sh policy-map
Policy Map SHAPE
Class VOIP
Traffic Shaping
Average Rate Traffic Shaping
CIR 64000 (bps) Max. Buffers Limit 250 (Packets)
Bc 1000 Be 1500
Class MISSION-CRIT
Traffic Shaping
Peak Rate Traffic Shaping
CIR 16000 (bps) Max. Buffers Limit 1000 (Packets)
Bc 1000
Class class-default
Traffic Shaping
Average Rate Traffic Shaping
CIR 25 (%) Max. Buffers Limit 1000 (Packets) Bc 100 ms Be 50 ms

R1(config-pmap-c)#do sh policy-map int s0/0
Serial0/0

Service-policy output: SHAPE

Class-map: VOIP (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip rtp 16384 16383
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
64000/64000      312     1000       1500       15         125

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       0         0        0         0         no

Class-map: MISSION-CRIT (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: protocol kazaa2
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
32000/16000      250     1000       1000       62         250

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       0         0        0         0         no

Class-map: class-default (match-any)
26 packets, 1918 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average   Byte    Sustain    Excess     Interval   Increment
Rate             Limit   bits/int   bits/int   (ms)       (bytes)
25 (%)                   100 (ms)   50 (ms)
32000/32000      600     3200       1600       100        400

Adapt    Queue   Packets   Bytes    Packets   Bytes     Shaping
Active   Depth                      Delayed   Delayed   Active
-        0       14        1630     0         0         no



With this configuration, all the 128k bps bandwidth is distributed across the class-maps, using the three different shaping methods. Note also that if I buy more bandwidth, with this configuration only class-default will automatically get a higher shaping rate; the other classes will require some reconfiguration.
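How the "Traffic Shaping" columns in the outputs above follow from the shape commands, as an added example (not code from the original post). The function names are hypothetical; the integer truncation and the defaults (Be = Bc when omitted, Tc = 125 ms when Bc is omitted) are inferred from the values shown in this post.

```python
def shape_params(mode, cir, bc=None, be=None, default_tc_ms=125):
    """Columns of the 'Traffic Shaping' table for one class.

    mode: "average" or "peak"; cir in bit/s; bc and be in BITS.
    """
    if bc is None:
        bc = cir * default_tc_ms // 1000   # default Tc of 125 ms, as in the post
    if be is None:
        be = bc                            # unconfigured Be defaults to Bc
    peak = mode == "peak"
    return {
        # shape peak sends Bc + Be every Tc, so the target rate is scaled up
        "target": cir * (bc + be) // bc if peak else cir,
        "average": cir,
        "byte_limit": (bc + be) // 8,      # bucket size, in bytes
        "sustain": bc,
        "excess": be,
        "interval_ms": bc * 1000 // cir,   # Tc = Bc / CIR
        "increment": ((bc + be) if peak else bc) // 8,  # bytes added per Tc
    }


def shape_percent(mode, bandwidth, percent, bc_ms, be_ms=None):
    """Same columns for 'shape ... percent', with Bc and Be given in ms."""
    cir = bandwidth * percent // 100
    bc = cir * bc_ms // 1000
    be = cir * be_ms // 1000 if be_ms else None
    return shape_params(mode, cir, bc, be)


if __name__ == "__main__":
    # The three classes of the SHAPE policy-map on a 128k bps interface.
    classes = {
        "VOIP": shape_params("average", 64000, 1000, 1500),
        "MISSION-CRIT": shape_params("peak", 16000, 1000),
        "class-default": shape_percent("average", 128000, 25, 100, 50),
    }
    for name, p in classes.items():
        print(f"{name:14} {p['target']}/{p['average']:<7} {p['byte_limit']:<5} "
              f"{p['sustain']:<5} {p['excess']:<5} {p['interval_ms']:<4} {p['increment']}")
```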


Well, enough for today. The next labs and topics to try on vacation will be a policing lab, a frame relay traffic shaping lab and a LAN QoS/switching lab.

have fun
Marco

Thursday, July 1, 2010

Packing list for vacations

Hi all, tomorrow I will start my vacation, 15 days of relaxed studying.
This is my packing list:

-Routing TCP/IP vol.1 (to use at the swimming pool side)
-QoS exam certification guide, 2nd ed. (to use on the beach)
-Laptop (hoping for an average wifi... maybe I can connect to the Lab, otherwise dynamips..)
-a blank notebook and 3 colored pencils (for funny L2/L3/BGP/IPv6 diagrams)
-yellow LAN patch cable, 1 meter (can't stay without an RJ45 cable...)
-some gigabytes of PDF books
-and a downloaded copy of the Configuration Guide chapters, release 12.4T

:-)

With this vacation I'll try to refresh the whole blueprint, gain more speed and knowledge on QoS, and hopefully have some fun with small labs (I guess I can't ask my wife for permission to do a full 8-hour mock at the pool side :-) )

Maybe I will find some time to document some labs on the blog, for example the NHRP one I did yesterday.

Anyway, have a fun summer of studying, everyone. I'll be back on Jul 16.

byeeee
Marco